4.3 - CompTIA Security+

Identification methods

Vulnerability scan

  • Vulnerability scans: Examinations of a particular system (e.g., port, device, application) to check for exploitable security flaws.

Application security

  • Application security: Measures and practices designed to protect applications from threats throughout their lifecycle, including secure coding practices, regular code reviews, and deployment of security tools to identify vulnerabilities.

Static analysis

  • Static code analysis: Examining source code (or compiled bytecode/binaries) for vulnerabilities and code-quality issues without executing the program, usually with automated tools run in the IDE or build pipeline. It finds pattern-level flaws such as dangerous API calls, hard-coded credentials, or unsafe deserialization, but cannot observe runtime behavior and tends to produce false positives that need manual triage.

Dynamic analysis

  • Dynamic code analysis: Testing an application while it is running and observing how it behaves under supplied inputs. Fuzzing is the most common form: automatically generated or mutated (often malformed) input is fed to the application to provoke crashes, unhandled exceptions, hangs, or other unintended behavior that indicates an exploitable flaw. Unlike static analysis it finds real runtime failures, but only along the code paths the inputs actually reach.
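An added example, not from the original notes, of a mutation fuzzer: a constructed, deliberately fragile record parser is run repeatedly on mutated copies of a valid seed input, and every distinct exception type is recorded with the first input that triggered it. The parser and the seed input are assumptions made for the example.

```python
"""Tiny mutation fuzzer. Added example for these notes; the target parser is
constructed and deliberately fragile."""
import random


def parse_record(data: bytes) -> dict:
    """Constructed target: parses 'key=value;key=value' records.

    Deliberately fragile: it assumes valid UTF-8 and that every field
    contains an '=' sign."""
    text = data.decode("utf-8")             # UnicodeDecodeError on bad bytes
    fields = {}
    for field in text.split(";"):
        key, value = field.split("=", 1)    # ValueError if no '=' present
        fields[key] = value
    return fields


def mutate(seed_input: bytes, rng: random.Random) -> bytes:
    """Apply one random mutation typical of a simple byte-level fuzzer."""
    data = bytearray(seed_input)
    op = rng.randrange(4)
    if op == 0 and data:                        # overwrite a random byte
        data[rng.randrange(len(data))] = rng.randrange(256)
    elif op == 1 and data:                      # delete a random byte
        del data[rng.randrange(len(data))]
    elif op == 2:                               # insert a random byte
        data.insert(rng.randrange(len(data) + 1), rng.randrange(256))
    elif data:                                  # duplicate a trailing slice
        data += data[rng.randrange(len(data)):]
    return bytes(data)


def fuzz(target, seed_input: bytes, iterations: int = 500, seed: int = 1) -> dict:
    """Run target on mutated inputs; return {exception type name: first crashing input}.

    The RNG is seeded so a run is reproducible, which matters when you later
    need to hand a crashing input to a developer."""
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        candidate = mutate(seed_input, rng)
        try:
            target(candidate)
        except Exception as exc:
            # A production harness also watches for hangs, memory growth and
            # signals (SIGSEGV) rather than only Python exceptions.
            crashes.setdefault(type(exc).__name__, candidate)
    return crashes


SEED_INPUT = b"user=alice;role=admin"   # constructed valid input

if __name__ == "__main__":
    for exc_name, sample in fuzz(parse_record, SEED_INPUT).items():
        print(f"{exc_name}: {sample!r}")
```

Two classes of failure fall out immediately: deleting an `=` produces a field the parser cannot unpack, and overwriting a byte with a value of 0x80 or above produces invalid UTF-8. Both are inputs a static rule would not flag, which is the complementary value of dynamic analysis.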

Package monitoring

  • Package monitoring: Tracking the third-party components an application depends on (libraries, packages, container base images) and continuously matching their versions against vulnerability advisories, so that a known-vulnerable dependency is identified and upgraded before it is shipped or exploited. Typically driven from a lock file or software bill of materials (SBOM) and run in CI.
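An added example, not from the original notes or any real tool, of the core of package monitoring: a pinned dependency list is parsed and each pin is checked against advisories expressed as version ranges (the introduced/fixed convention used by the OSV advisory format, where a version is affected if introduced <= version < fixed). The package names and advisory identifiers are constructed for the example and do not describe real vulnerabilities.

```python
"""Dependency audit against version-range advisories. Added example for these
notes; package names, versions and advisories are constructed."""

REQUIREMENTS = """\
# constructed lock file
acme-http==2.28.1
widgetparse==1.4.0
safe-lib==0.9.3
"""

# Constructed advisories (OSV-style ranges): affected if introduced <= v < fixed.
ADVISORIES = [
    {"id": "EXAMPLE-2024-0001", "package": "acme-http",
     "introduced": "2.0.0", "fixed": "2.31.0", "severity": "HIGH"},
    {"id": "EXAMPLE-2024-0002", "package": "widgetparse",
     "introduced": "1.0.0", "fixed": "1.4.0", "severity": "MEDIUM"},
]


def parse_version(v: str) -> tuple:
    """Dotted numeric version -> comparable tuple. Pre-release suffixes such as
    '1.4.0rc1' are out of scope here; real tools use a full PEP 440 parser."""
    return tuple(int(part) for part in v.split("."))


def parse_requirements(text: str) -> dict:
    """Return {package: pinned version}; refuse unpinned entries, because a
    floating version cannot be audited reproducibly."""
    pins = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments / blank lines
        if not line:
            continue
        name, sep, version = line.partition("==")
        if not sep or not version:
            raise ValueError(f"unpinned dependency: {line}")
        pins[name.strip().lower()] = version.strip()
    return pins


def audit(pins: dict, advisories: list) -> list:
    """Return one finding per (installed package, matching advisory)."""
    findings = []
    for adv in advisories:
        installed = pins.get(adv["package"])
        if installed is None:
            continue
        v = parse_version(installed)
        if parse_version(adv["introduced"]) <= v < parse_version(adv["fixed"]):
            findings.append({
                "package": adv["package"], "installed": installed,
                "advisory": adv["id"], "fixed_in": adv["fixed"],
                "severity": adv["severity"],
            })
    return findings


if __name__ == "__main__":
    for f in audit(parse_requirements(REQUIREMENTS), ADVISORIES):
        print(f"{f['severity']}: {f['package']}=={f['installed']} "
              f"affected by {f['advisory']}, fixed in {f['fixed_in']}")
```

The boundary case is the point: widgetparse 1.4.0 is exactly the fixed version and must not be reported, while acme-http 2.28.1 sits inside the affected range. Tools such as pip-audit or OSV-Scanner do the same comparison against a live advisory database.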

Threat feed

  • Threat feed: An automated stream of information about potential threats and vulnerabilities, including malware signatures, phishing URLs, and exploits, enabling organizations to proactively defend against cyber threats.

Open-source intelligence (OSINT)

  • Open-source intelligence (OSINT): Gathering and analyzing publicly available information to identify potential security threats.

Proprietary/third-party

  • Proprietary/third-party: Threat intelligence or security research produced by a commercial vendor and supplied under license (typically a paid subscription feed or report). It remains the vendor's property and may only be used under the license conditions; compared with open sources it is usually more curated and timely, but closed and costly.

Information-sharing organization

  • Information-sharing organizations: Collaborative groups that exchange data about emerging cybersecurity threats and vulnerabilities.

Dark web

  • Dark web: A part of the internet that is not indexed by search engines and is reachable only through specialized software such as the Tor Browser; commonly associated with illegal activity and cybercrime. As an identification method, security teams monitor dark web markets and forums for leaked credentials, stolen data, and exploits being traded that relate to their organization.

Penetration testing

  • Penetration testing: A simulation of a cyber attack on a system, designed to identify and exploit vulnerabilities to enhance security measures.

Responsible disclosure program

  • Responsible disclosure program: A process that allows researchers and reviewers to safely disclose vulnerabilities to a software developer.

Bug bounty program

  • Bug bounty: A reward scheme operated by software and web services vendors for reporting vulnerabilities.

System/process audit

  • System/process audit: An audit process with a wide scope, including assessment of supply chain, configuration, support, monitoring, and cybersecurity factors.

Analysis

Confirmation

False positive

  • False positive: An instance where a security tool or analysis flags something as a threat or vulnerability that is actually benign (e.g., a scanner reporting a patched version as vulnerable based on a banner). Costs analyst time and erodes trust in the tool.

False negative

  • False negative: An instance where a security tool or analysis reports something as benign, or does not report it at all, when it is actually a real threat or vulnerability. Generally the more dangerous error, because the issue goes uninvestigated.

Prioritize

  • Threat prioritization: In cybersecurity, it is crucial to prioritize threats based on their potential impact and likelihood of occurrence to effectively allocate resources and manage risks.

Common Vulnerability Scoring System (CVSS)

  • Common Vulnerability Scoring System (CVSS): An open framework, maintained by FIRST (Forum of Incident Response and Security Teams), for rating the severity of a vulnerability on a 0.0-10.0 scale from base metrics (attack vector, complexity, privileges, user interaction, scope, and confidentiality/integrity/availability impact), optionally adjusted by temporal and environmental metrics. NIST's National Vulnerability Database (NVD) publishes CVSS scores for CVE records. Qualitative ratings (v3.x): None 0.0, Low 0.1-3.9, Medium 4.0-6.9, High 7.0-8.9, Critical 9.0-10.0.

Common Vulnerability Enumeration (CVE)

  • Common Vulnerabilities and Exposures (CVE): A catalogue, run by MITRE with a network of CVE Numbering Authorities (CNAs), that assigns a unique identifier (CVE-YYYY-NNNNN) to each publicly disclosed vulnerability so that scanners, advisories, and patches all refer to the same flaw. The CVE record itself only identifies and briefly describes the issue; severity scoring (CVSS) is layered on top by NVD and others. (The program's own expansion is "Common Vulnerabilities and Exposures".)

Vulnerability classification

  • Vulnerability classification: Categorizing vulnerabilities based on their characteristics, such as the type of system or application affected, the nature of the vulnerability, or the potential impact.

Exposure factor

  • Exposure factor: In risk calculation, the percentage of an asset's value that would be lost during a security incident or disaster scenario.

Environmental variables

  • Environmental variables: In vulnerability assessment, factors or metrics due to local network or host configuration that increase or decrease the base likelihood and impact risk level.

Industry/organizational impact

Risk tolerance

  • Risk tolerance: The acceptable level of risk that an organization is willing to take on in pursuit of its objectives.

Vulnerability response and remediation

Patching

  • Patching: The process of applying updates to software or systems to address known vulnerabilities, thereby minimizing potential risks.

Insurance

  • Cybersecurity insurance: A risk-transfer option that shifts part of the financial loss from a security incident (breach response, legal costs, business interruption) to an insurer. It covers the residual risk of vulnerabilities that cannot be economically fixed; it does not reduce the likelihood of exploitation and is not a substitute for remediation.

Segmentation

  • Segmentation: Dividing a network into isolated zones (VLANs, subnets, firewall-enforced segments) so that a compromised or unpatchable system cannot reach other assets. In vulnerability response it is used to limit the exposure of a system that cannot yet be patched, such as legacy equipment, until remediation is possible.

Compensating controls

  • Compensating controls: Measures put in place to mitigate the risk of a vulnerability when security teams cannot directly eliminate it or when direct remediation is not immediately possible.

Exceptions and exemptions

  • Exceptions and exemptions: Conditions under which certain policies or procedures may not apply, allowing for flexibility in security protocols while still maintaining an acceptable level of risk management.

Validation of remediation

  • Validation of remediation: The process of assessing implemented security controls to ensure they are effective in mitigating identified vulnerabilities and that any compensating controls are functioning as intended.

Rescanning

  • Re-scanning: Performing additional vulnerability scans after remediation actions have been implemented.

Audit

  • Audit: In-depth examination of the remediation process/review of the steps taken to address the vulnerability.

Verification

  • Verification: Confirming the results of remediation actions - this involves manual checks, automated testing, or system log review.
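An added example, not from the original notes or any scanner's output format, covering both rescanning and verification: findings from a pre-remediation scan are compared with the rescan and with what the remediation team reported, so that a finding which simply vanished because a host was not rescanned is not mistaken for a fix, and a finding reported as closed but still present is surfaced as a verification failure. All hosts, ports, check names and ticket states below are constructed.

```python
"""Remediation validation by scan comparison. Added example for these notes;
all scan data and ticket states are constructed."""

# Constructed pre-remediation findings: (host, port, check_id, severity)
BEFORE = [
    ("10.0.0.5", 443, "tls-1.0-enabled", "Medium"),
    ("10.0.0.5", 445, "smb-signing-disabled", "Medium"),
    ("10.0.0.7", 22, "ssh-weak-kex", "Low"),
    ("10.0.0.9", 8080, "outdated-app-server", "High"),
]

# Constructed rescan: which hosts were actually scanned, and what was found.
AFTER_SCANNED_HOSTS = {"10.0.0.5", "10.0.0.9"}          # 10.0.0.7 was offline
AFTER = [
    ("10.0.0.5", 445, "smb-signing-disabled", "Medium"),   # still present
    ("10.0.0.9", 8080, "outdated-app-server", "High"),     # still present
    ("10.0.0.9", 8443, "self-signed-cert", "Low"),         # new since last scan
]

# Constructed remediation tickets: what the remediation team reported.
TICKETS = {
    ("10.0.0.5", 443, "tls-1.0-enabled"): "closed",
    ("10.0.0.5", 445, "smb-signing-disabled"): "closed",   # claimed fixed
    ("10.0.0.7", 22, "ssh-weak-kex"): "exception",
    ("10.0.0.9", 8080, "outdated-app-server"): "open",
}


def finding_key(finding):
    """Identity of a finding: host, port and check, ignoring severity text."""
    return finding[:3]


def validate(before, after, scanned_hosts, tickets):
    """Classify every pre-remediation finding against the rescan.

    fixed:               gone on rescan, and the host was actually rescanned
    unverified:          gone only because the host was not in the rescan
    remaining:           still reported
    failed_verification: still reported although the ticket says "closed"
    new:                 not present before (regression or newly exposed)
    """
    old = {finding_key(f) for f in before}
    new = {finding_key(f) for f in after}
    gone = old - new
    result = {
        "fixed": sorted(k for k in gone if k[0] in scanned_hosts),
        "unverified": sorted(k for k in gone if k[0] not in scanned_hosts),
        "remaining": sorted(old & new),
        "new": sorted(new - old),
    }
    result["failed_verification"] = [
        k for k in result["remaining"] if tickets.get(k) == "closed"
    ]
    return result


if __name__ == "__main__":
    for bucket, keys in validate(BEFORE, AFTER, AFTER_SCANNED_HOSTS, TICKETS).items():
        print(bucket)
        for host, port, check in keys:
            print(f"  {host}:{port} {check}")
```

The two buckets that matter for sign-off are "unverified" and "failed_verification": the first means the rescan did not actually test the claim, the second means the claim was wrong. Neither should be closed in the tracker on the strength of the ticket alone.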

Reporting

  • Vulnerability report: A document that highlights the existing vulnerabilities and ranks them based on their severity and potential impact on the organization's assets, enabling management to prioritize remediation efforts effectively.